@1365/across-bridge

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface (Category 8) by processing untrusted data from remote APIs to drive transaction execution.
      1. Ingestion points: Data enters the agent context through GET requests to app.across.to and across.to endpoints in scripts/across_api.py and scripts/bridge.py.
      2. Boundary markers: The skill does not implement boundary markers or instructions to ignore potential injection in the API response.
      3. Capability inventory: The execute_across_bridge function in scripts/across_api.py utilizes a wallet transfer function to perform on-chain actions (approvals and swaps) using the API's provided data.
      4. Sanitization: There is no evidence of sanitization or validation of the 'to' address, 'data' payload, or 'value' fields returned by the API before they are passed to the wallet for execution.
  • [COMMAND_EXECUTION]: The SKILL.md file utilizes exec(open().read()) to dynamically load and execute script content from scripts/across_api.py at runtime. While the target is a local file, this pattern constitutes dynamic code execution.
  • [DATA_EXFILTRATION]: The skill performs network operations via the requests library to official Across protocol domains to fetch quotes. While expected for the skill's purpose, it involves sending user-specific parameters like wallet addresses and token amounts to an external service.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 03:10 AM
Security Audit — agent-trust-hub — @1365/across-bridge